Home
# Maia Mailguard 1.0.3 (svn 1581) installation on CentOS 6.2 - kind of a quick and dirty HOWTO
# Absolutely no warranty, use entirely at your own risk
# Absolutely no support - however - let me know if something is very wrong
# mr88talent at yahoo dot com
# 01 JUL 2012
# If this document has been forged the downloads could destroy the entire planet
# Experience with Linux and Postfix is assumed
#
# Document assumes you are using copy and paste, if not then on some lines
# with 'sed' commands it would probably be easier to simply edit the file.
#
# The base directory is /var/lib/maia so I don't have to edit a bunch of maia scripts.
# I do not install clamav/clamd from an rpm
# This document assumes a fresh CentOS 6.2 install using the 'Minimal' installation
# I do not install a GUI (like Gnome) and I use the PuTTY ssh client to access the command line
# I do uncomment 'PermitRootLogin yes' in /etc/ssh/sshd_config
# Use your favorite editor if you don't want to use vim
# I download and burn netinstall CD from http://wiki.centos.org/Download
# The installation media is then 'URL' with the URL http://mirror.centos.org/centos/6.2/os/i386 (for 32-bit)
# or http://mirror.centos.org/centos/6.2/os/x86_64 (for 64-bit)
# Use a static IP V4 address. I also use the address of a real DNS server - not my SOHO router's address for DNS.
# A few commands in this document will wrap - be sure you place the entire command on one line
# This document does not cover a lot things like configuring the firewall (system-config-securitylevel-tui)
# or disabling unnecessary daemons. Its focus is getting you to the point
# you can log on to Maia
# This document is not a tutorial for any of the programs listed here
# You can edit this document to customize it. The host name I use is 'ahost'
# The domain name I used is 'example.com' and the administrator's email name is 'adminguy'
# Root's MySQL password is 'roots_password'
# Maia's MySQL password is 'maia_password'
# Save this file, then using a plain text editor, do a search and replace on those five items.
# Only replace them once.
# Optional (this is not a Centos tutorial - heck, I use Debian myself)
yum update
# If you currently have SELinux enforced, set it to permissive (or even disabled)
sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
cat /etc/selinux/config
# make sure SELINUX is not enforcing, then reboot:
reboot
# If want to prevent 3rd party repositories from preferring themselves over base repositories
yum install yum-protectbase
# For CentOS, Please read http://wiki.centos.org/PackageManagement/Yum/ProtectBase
# I don't think RHEL6 works the same way with yum-protectbase. I have not had good luck figuring this out
# but the Dag rpmforge repo we will add later is generally considered safe, so personally I do not bother.
# a mail server should keep accurate time. If using a firewall, you will want to allow port 123 UDP in.
yum -y install ntp
ntpdate clock.fmt.he.net
ntpdate ntp1.tummy.com
chkconfig --level 235 ntpd on
hwclock --systohc
service ntpd start
# add the maia user
adduser -r -d /var/lib/maia -c "maia user" -s /bin/sh maia
# add yourself (as the maia administrator)
adduser adminguy
passwd adminguy
vi /etc/hosts
# in the /etc/hosts file I hate the way Red Hat does it.
# I do it more like this, adding the actual IP and moving our host name there
# (this assumes you are using a static IP address):
127.0.0.1 localhost.localdomain localhost
192.168.1.222 ahost.example.com ahost
# In this test setup, I don't have DNS MX records set up but I want to be able to
# locally send test mail to adminguy@example.com, so I am going to temporarily add
# the domain to the interface:
127.0.0.1 localhost.localdomain localhost
192.168.1.222 ahost.example.com ahost example.com
# Install the junk we need
yum -y install mysql mysql-server perl-DBD-MySQL perl-DBI subversion patch db4 db4-devel db4-utils perl-Error
yum -y install perl-HTML-Parser perl-Compress-Zlib php php-pear php-mysql perl-libwww-perl system-config-firewall-tui
yum -y install perl-Digest-HMAC perl-Digest-SHA1 perl-Net-DNS perl-Net-IP perl-URI mlocate file rsync curl
yum -y install perl-Archive-Zip perl-Archive-Tar perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS perl-URI
yum -y install php-gd pax cpio tmpwatch bzip2 php-xml php-imap php-ldap php-pgsql php-mbstring wget bind-utils
yum -y install binutils gzip spamassassin php-bcmath gcc make bison zlib zlib-devel gmp-devel perl-LDAP
yum -y install perl-Mail-DKIM perl-MailTools perl-MIME-tools perl-Template-Toolkit man lsof perl-Image-Info
# It wouldn't hurt to run those installs again to make sure we got them all. Also install Pyzor:
cd /usr/local/src
wget ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/6/x86_64/pyzor-0.5.0-3.el6.noarch.rpm
rpm -ivh pyzor-0.5.0-3.el6.noarch.rpm
# We are going to add Dag Wieers rpmforge repositories in order to get stuff we can't get from Red Hat:
# If you are using a 32-bit .i686 version of RHEL 6/CentOS 6:
rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
# If you are using a 64-bit .x86_64 version of RHEL 6/CentOS 6:
rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# Now install additional packages from Dag:
yum -y install perl-BerkeleyDB perl-Convert-TNEF perl-Convert-UUlib perl-Data-UUID perl-Net-Server perl-Unix-Syslog
yum -y install perl-Text-CSV nomarch cabextract re2c perl-Net-CIDR-Lite razor-agents perl-forks
yum -y install perl-Mail-DomainKeys perl-Mail-SPF-Query perl-Sys-Hostname-Long perl-IP-Country perl-IO-stringy
# Install one that got away:
cd /usr/local/src
wget http://verchick.com/mecham/public_html/spam/perl-Mail-SPF-2.007-1.el6.noarch.rpm
rpm -ivh perl-Mail-SPF-2.007-1.el6.noarch.rpm
# make the home directories for Maia
cd
mkdir /var/virusmails
chmod 0750 /var/virusmails
chown maia:maia /var/virusmails
mkdir /etc/maia
mkdir /var/run/maia
chown maia:root /var/run/maia
mkdir /var/lock/maia
chown maia:root /var/lock/maia
mkdir /var/lib/maia
mkdir /var/lib/maia/db
mkdir /var/lib/maia/tmp
mkdir /var/lib/maia/scripts
chown -R maia:maia /var/lib/maia
chmod -R 750 /var/lib/maia
mkdir /var/log/maia
touch /var/log/maia/process-quarantine.log
chown -R maia:maia /var/log/maia
wget http://verchick.com/mecham/public_html/spam/maia.txt
mv maia.txt /etc/logrotate.d/maia
# Download Maia svn version 1581
mkdir /usr/local/src/maia
cd /usr/local/src/maia
svn -r 1581 --non-interactive --trust-server-cert checkout https://www.maiamailguard.com/svn/branches/1.0
# please make a note of the SVN revision that you get
# if you need to download again, first move or remove /usr/local/src/maia then start over
# useful link: https://www.maiamailguard.com/maia/browser/branches/1.0
# useful link: https://www.maiamailguard.com/svn/branches/1.0
# I don't use sendmail, I am assuming you will use Postfix as I do
yum -y install postfix cyrus-sasl
rpm -e sendmail
alternatives --config mta
# then select /usr/sbin/sendmail.postfix if needed
# set up pyzor and razor
su maia -c 'pyzor discover'
su maia -c 'razor-admin -create'
su maia -c 'razor-admin -create'
su maia -c 'razor-admin -register'
# (may have to run that last one twice - if it gives an error the first time>
# test pyzor (a few times if needed)
su maia -c 'pyzor ping'
# disable razor logging (debuglevel = 0)
sed -i 's/= 3/= 0/' /var/lib/maia/.razor/razor-agent.conf
cat /var/lib/maia/.razor/razor-agent.conf
# create initial bayes database
su maia -c 'sa-learn --sync'
ls -l /var/lib/maia/.spamassassin/
######################
# install DCC
cd /usr/local/src
wget http://www.dcc-servers.net/dcc/source/old/dcc-1.3.142.tar.Z
tar xzf dcc-1.3.142.tar.Z
cd dcc-1.3.142
./configure --with-uid=maia && make && make install
chown -R maia:maia /var/dcc
ln -s /var/dcc/libexec/cron-dccd /usr/bin/cron-dccd
crontab -e
# and insert (at the top):
43 11 * * * /usr/bin/cron-dccd
######################
# enable DCC in v310.pre (if you abide by the license)
cp /etc/mail/spamassassin/v310.pre /etc/mail/spamassassin/v310.pre-mybackup
sed -i 's|#loadplugin Mail::SpamAssassin::Plugin::DCC|loadplugin Mail::SpamAssassin::Plugin::DCC|' /etc/mail/spamassassin/v310.pre
head -30 /etc/mail/spamassassin/v310.pre
# test - look for pyzor, dcc. razor may not trigger on this.
cd /var/lib/maia
wget http://verchick.com/mecham/public_html/spam/sample-spam.txt
su maia -c 'spamassassin -D <sample-spam.txt'
# Install needed pear modules
cd
pear channel-update pear.php.net
pear install Mail_Mime-1.8.5
pear install Mail_mimeDecode-1.5.5
pear install Log-1.12.7
pear install Pager-2.4.8
pear install Image_Color-1.0.4
pear install Image_Canvas-0.3.4
pear install Image_Graph-0.8.0
pear install Numbers_Roman-1.0.2
pear install Numbers_Words-0.16.4
pear install Auth_SASL-1.0.6
pear install Net_Socket-1.0.10
pear install Net_IMAP-1.1.0
pear install Net_POP3-1.3.8
pear install DB-1.7.14
pear install Net_SMTP-1.6.1
pear channel-discover htmlpurifier.org
pear install hp/HTMLPurifier
# May want to run those again to make sure you got them all
# Copy some Maia files to the home directory
cp /usr/local/src/maia/1.0/scripts/* /var/lib/maia/scripts
test -e /etc/maia/maia.conf && cp /etc/maia/maia.conf /etc/maia/maia.conf-backup
test -e /etc/maia/maiad.conf && cp /etc/maia/maiad.conf /etc/maia/maiad.conf-backup
cp /usr/local/src/maia/1.0/maia.conf.dist /etc/maia/maia.conf
sed -i "s|'password'|'maia_password'|" /etc/maia/maia.conf
chmod 0640 /etc/maia/maia.conf
chgrp maia /etc/maia/maia.conf
cp -r /usr/local/src/maia/1.0/templates /etc/maia
chmod 640 /etc/maia/templates/*.tpl
chown -R maia:maia /etc/maia/templates
# Copy some custom spamassassin rules
cp /usr/local/src/maia/1.0/*.cf /etc/mail/spamassassin
vi /etc/maia/maia.conf
# and edit the base_url - I use /mail - and this document assumes you will too
$base_url = 'http://ahost.example.com/mail';
# you will probably need to make an entry in the hosts file on any computer
# that you are going to use to browse the server unless a DNS record exists.
# See http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/
# Out of the box, MySQL is poorly tuned for use with InnoDB. Assuming this is a
# fresh installation (with the default of innodb_fast_shutdown = 1), I am going to
# suggest some optimization. I set innodb_buffer_pool_size to 25% of physical RAM
# and innodb_log_file_size to 25% of innodb_buffer_pool_size. I set innodb_log_buffer_size
# to 8MB. Setting innodb_buffer_pool_size to at least 128M (assuming you have sufficient RAM)
# will greatly increase performance. When innodb_log_file_size is changed, the logs must be
# deleted and recreated. Make sure MySQL is not running when you do this.
service mysqld stop
vi /etc/my.cnf
# Under the [mysqld] section, add these entries:
innodb_buffer_pool_size = 128M
innodb_additional_mem_pool_size = 4M
innodb_log_file_size = 32M
innodb_log_buffer_size = 8M
max_allowed_packet = 20M
# Then rename the log files so they be recreated at a larger size.
# See http://dev.mysql.com/doc/refman/5.0/en/innodb-data-log-reconfiguration.html :
test -e /var/lib/mysql/ib_logfile0 && mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/iblogfile0-old
test -e /var/lib/mysql/ib_logfile1 && mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/iblogfile1-old
chkconfig --level 235 mysqld on
service mysqld start
# If you have not yet added a password:
# (substitute a real password for roots_password and notice the host name)
mysql
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('roots_password');
SET PASSWORD FOR 'root'@'ahost.example.com' = PASSWORD('roots_password');
CREATE DATABASE maia;
USE maia;
SOURCE /usr/local/src/maia/1.0/maia-mysql.sql;
GRANT CREATE, DROP, ALTER, SELECT, INSERT, UPDATE, DELETE ON maia.* TO maia@localhost IDENTIFIED BY 'maia_password';
FLUSH PRIVILEGES;
ALTER TABLE `bayes_seen` ADD `lastupdate` timestamp default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP;
quit
# Now grab a script that runs weekly that does bayes_seen and awl cleaning
cd /etc
wget http://verchick.com/mecham/public_html/spam/trim.awl.sql
cd /etc/cron.weekly
wget http://verchick.com/mecham/public_html/maia/trim-sql-awl-weekly.txt
mv trim-sql-awl-weekly.txt trim-sql-awl-weekly
chmod +x trim-sql-awl-weekly
cd /usr/sbin
wget http://verchick.com/mecham/public_html/maia/trim-awl.txt
mv trim-awl.txt trim-awl
sed -i 's/passwd/maia_password/' trim-awl
chmod 0750 trim-awl
# Then run the script (no news is probably good news):
/etc/cron.weekly/trim-sql-awl-weekly
# You don't have to have every possible program (we do not need Crypt::Blowfish, Cyrpt::CBC and DBD:Pg),
# but make sure nothing is broken here:
cd /var/lib/maia/scripts/
./configtest.pl
# If you see "Patch 'MySQL Bug 46675' needs to be applied", install a patch:
wget http://www.maiamailguard.com/maia/raw-attachment/ticket/565/mysql-bug-46675.patch
patch -d /usr/share/perl5/Mail/SpamAssassin/BayesStore MySQL.pm < mysql-bug-46675.patch
# setup and run sa-update to get the latest spamassassin rules (make sure there are no error messages here)
# you should run sa-update on occasion (and then run a Maia 'load-sa-rules.pl' script to load them into Maia)
sa-update
sa-update
# Make sure we lint Ok
su maia -c 'spamassassin --lint'
# Load SpamAssassin rules into the Maia database:
cd /var/lib/maia/scripts
./load-sa-rules.pl
# Copy files to apache
mkdir /var/www/html/mail
cp -r /usr/local/src/maia/1.0/php/* /var/www/html/mail
cp /var/www/html/mail/config.php.dist /var/www/html/mail/config.php
chgrp maia /var/www/html/mail/themes/*/compiled
chmod 775 /var/www/html/mail/themes/*/compiled
sed -i 's/maia:passwd/maia:maia_password/' /var/www/html/mail/config.php
# Add apache to the maia group
gpasswd -a apache maia
# Install and configure Smarty;
cd /usr/local/src
wget http://verchick.com/mecham/public_html/spam/php-Smarty-2.6.26-1.el6.noarch.rpm
rpm -ivh php-Smarty-2.6.26-1.el6.noarch.rpm
ln -s /usr/share/php/Smarty /var/www/html/mail/libs/Smarty
# Create a cache directory for HTMLPurifier
mkdir -p /var/cache/HTMLPurifier
chown apache /var/cache/HTMLPurifier
chmod o-rwx /var/cache/HTMLPurifier
# Configure maia so it can find the HTMLPurifier cache
sed -i 's|$purifier_cache = null|$purifier_cache = "/var/cache/HTMLPurifier"|' /var/www/html/mail/config.php
grep purifier_cache /var/www/html/mail/config.php
# (start or restart)
chkconfig --level 235 httpd on
service httpd start
# You may have to configure the firewall to allow at least WWW (HTTP) and Mail (SMTP) connections if you have not already done so:
system-config-firewall-tui
# Assuming you have an A record in DNS configured for the server's host name
# (or at least an entry in your hosts file) (from a client) test out the install:
http://ahost.example.com/mail/admin/configtest.php
# remember to restart httpd if you make changes - service httpd restart.
# don't worry about the MCrypt library Failure. It's a bad idea to encrypt quarantined messages.
# You should ensure the database schema is up to date:
http://ahost.example.com/mail/admin/upgrade.php
# grab an init script from me
cd /etc/init.d
wget http://verchick.com/mecham/public_html/redhat/maia.init.txt
mv maia.init.txt maia
chmod +x maia
chkconfig --add maia
# copy maiad into place, make backups of current ones if you have them
test -e /usr/local/sbin/maiad && cp /usr/local/sbin/maiad /usr/local/sbin/maiad-mybackup
test -e /usr/sbin/maiad && cp /usr/sbin/maiad /usr/sbin/maiad-mybackup
cp /usr/local/src/maia/1.0/maiad /usr/sbin/maiad
hash -r
# Customize maiad.conf - or at least use many of these settings in yours
cd /etc/maia
test -e maiad.conf && cp maiad.conf maiad.conf-myoriginal
cp /usr/local/src/maia/1.0/maiad.conf.dist /etc/maia/maiad.conf
sed -i 's/^\$lha/#$lha/' /etc/maia/maiad.conf
sed -i 's/yourdomain.tld/example.com/' /etc/maia/maiad.conf
sed -i 's/DO_SYSLOG = 0/DO_SYSLOG = 1/' /etc/maia/maiad.conf
sed -i 's/virusalert/postmaster/' /etc/maia/maiad.conf
sed -i 's/spam.police/postmaster/' /etc/maia/maiad.conf
sed -i 's/host.domain.tld/ahost.example.com/' /etc/maia/maiad.conf
sed -i "s/# qr'\^MAIL/ qr'\^MAIL/" /etc/maia/maiad.conf
sed -i "s/'password'/'maia_password'/" /etc/maia/maiad.conf
# edit maiad.conf and check the settings
# Make a comment noting your revision number, e.g.: # SVN revision 1581
# I change $DO_SYSLOG = 1; so maiad logs to /var/log/maillog
# insure:
# @lookup_sql_dsn = ( ['DBI:mysql:maia:localhost:3306', 'maia', 'maia_password'] );
vi /etc/maia/maiad.conf
######################
# clamd
adduser -r -d /var/lib/clamav -c "clamav user" -s /sbin/nologin clamav
gpasswd -a clamav maia
# install clamav from source
cd /usr/local/src
# Download location and version are examples only (but valid when I wrote this), always use latest version of ClamAV
# see http://sourceforge.net/project/showfiles.php?group_id=86638
wget http://surfnet.dl.sourceforge.net/project/clamav/clamav/0.97.5/clamav-0.97.5.tar.gz
tar xzf clamav-0.97.5.tar.gz
cd clamav-0.97.5
./configure && make && make install
# Grab an init script for clamd
cd /etc/init.d
wget http://verchick.com/mecham/public_html/clamav95/clamd.init.txt
mv clamd.init.txt clamd
chmod +x clamd
chkconfig --add clamd
# Make directories clamd will need
mkdir /var/log/clamav/
chown -R clamav:clamav /var/log/clamav/
mkdir /var/run/clamav/
chown -R clamav:clamav /var/run/clamav/
mkdir /var/lib/clamav/
chown -R clamav:clamav /var/lib/clamav/
# cheat and use my conf files for this particular setup (if you want this stuff to work):
cd /usr/local/etc/
mv clamd.conf clamd.conf.old
mv freshclam.conf freshclam.conf.old
wget http://verchick.com/mecham/public_html/clamav9/clamd.conf
sed -i 's/clamd.sock/clamd.ctl/' clamd.conf
wget http://verchick.com/mecham/public_html/clamav9/freshclam.conf
freshclam
# It's OK that you got "WARNING: Clamd was NOT notified:" because we have not started clamd.
# So, start clamd:
service clamd start
# check for errors:
cat /var/log/clamav/clamav.log
#########
# For freshclam updates you can either use this script:
cd /etc/init.d
wget http://verchick.com/mecham/public_html/redhat/freshclam
chmod +x freshclam
chkconfig --add freshclam
service freshclam start
# (or) make a crontab entry:
crontab -e
# and make the following entry.
# change NN here to a number between 1 and 59 (three minutes from now)
NN * * * * /usr/local/bin/freshclam --quiet
#########
# keep an eye on the freshclam.log to make sure updates are happening
# if there is no freshclam.log we are in trouble
cat /var/log/clamav/freshclam.log
######################
# We are going to use Bill Landry's script (version 3.7) that downloads clamav unofficial signatures (like sanesecurity)
# http://sourceforge.net/projects/unofficial-sigs/"
cd /usr/local/src
wget http://verchick.com/mecham/public_html/spam/clamav-unofficial-sigs-3.7.tar.gz
tar xzf clamav-unofficial-sigs-3.7.tar.gz
cd clamav-unofficial-sigs-3.7
cp -u clamav-unofficial-sigs-logrotate /etc/logrotate.d/
cp -u clamav-unofficial-sigs.sh /usr/sbin
cp -u clamd-status.sh /usr/sbin
cp -u clamav-unofficial-sigs.conf /etc
gzip clamav-unofficial-sigs.8
cp -u clamav-unofficial-sigs.8.gz /usr/share/man/man8
sed -i 's|clamd\.sock|clamd.ctl|' /usr/sbin/clamd-status.sh
sed -i 's|user_configuration_complete="no"|user_configuration_complete="yes"|' /usr/sbin/clamd-status.sh
sed -i 's|clamd_pid="/var/run/clamd.pid"|clamd_pid="/var/run/clamav/clamd.pid"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|reload_dbs="no"|reload_dbs="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#clamd_socket="/var/run/clamd.socket"|clamd_socket="/var/run/clamav/clamd.ctl"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#clamd_lock="/var/lock/subsys/clamd"|clamd_lock="/var/lock/subsys/clamd"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#start_clamd="service clamd start"|start_clamd="service clamd start"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|min_sleep_time="60"|min_sleep_time="3"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|max_sleep_time="600"|max_sleep_time="30"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|work_dir="/usr/unofficial-dbs"|work_dir="/var/lib/clamav-unofficial-sigs"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|curl_silence="no"|curl_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|rsync_silence="no"|rsync_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|gpg_silence="no"|gpg_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|comment_silence="no"|comment_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|enable_logging="no"|enable_logging="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|user_configuration_complete="no"|user_configuration_complete="yes"|' /etc/clamav-unofficial-sigs.conf
Comment out MalwarePatrol Database:
sed -i "185s/^/#/" /etc/clamav-unofficial-sigs.conf
sed -i "186s/^/#/" /etc/clamav-unofficial-sigs.conf
sed -i "187s/^/#/" /etc/clamav-unofficial-sigs.conf
sed -i "188s/^/#/" /etc/clamav-unofficial-sigs.conf
# Now run the scripts and check for errors:
clamd-status.sh
clamav-unofficial-sigs.sh
service clamd restart
ls -l /var/lib/clamav should look similar to this:-rw-r--r--. 1 clamav clamav 61236 Jun 30 09:48 bytecode.cvd
-rw-r--r--. 1 clamav clamav 5360825 Jun 30 09:48 daily.cvd
-rw-r--r--. 1 clamav clamav 52824 Jun 30 09:49 honeynet.hdb
-rw-r--r--. 1 clamav clamav 5331347 Jun 29 05:53 junk.ndb
-rw-r--r--. 1 clamav clamav 829782 Jun 30 08:53 jurlbl.ndb
-rw-r--r--. 1 clamav clamav 30750647 Jun 30 09:48 main.cvd
-rw-r--r--. 1 clamav clamav 249873 Jun 30 09:49 mbl.ndb
-rw-r--r--. 1 clamav clamav 104 Jun 30 09:48 mirrors.dat
-rw-r--r--. 1 clamav clamav 3168444 Jun 29 04:56 phish.ndb
-rw-r--r--. 1 clamav clamav 177966 Jun 29 04:56 rogue.hdb
-rw-r--r--. 1 clamav clamav 9164 Jun 19 02:56 sanesecurity.ftm
-rw-r--r--. 1 clamav clamav 1802804 Jun 29 01:55 scam.ndb
-rw-r--r--. 1 clamav clamav 9669520 Jun 30 09:49 securiteinfo.hdb
-rw-r--r--. 1 clamav clamav 57676 Mar 2 05:22 spamimg.hdb
-rw-r--r--. 1 clamav clamav 724108 Jun 30 09:49 vx.hdb
-rw-r--r--. 1 clamav clamav 2614327 Jun 30 08:45 winnow_malware.hdb
-rw-r--r--. 1 clamav clamav 1454338 Jun 30 08:45 winnow_malware_links.ndb
# You should stop clamd, and then run the clamd-status.sh script to see if it works.
# Now we add a crontab entry with download attempts performed every 6th hour:
crontab -e
# Insert these two entries. Replace MM (minutes) below with a number between 1 and 59:
MM */6 * * * /usr/sbin/clamav-unofficial-sigs.sh
*/6 * * * * /usr/sbin/clamd-status.sh
# Save and exit the file. The first cron job should run every 6 hours, and the second, every 6 minutes.
# The clamav-status.sh script will restart clamd after a crash.
# There is a log file at /var/log/clamav-unofficial-sigs.log and you can read the man page at 'man clamav-unofficial-sigs'.
# Start maiad in debug mode and check for severe errors. "INFO: no optional modules:" is not a problem, Use [Ctrl]+c to cancel:
# Note that there will be modules we are not using. This is not a problem either. Hopefully you get: "Net::Server: Parent ready for children."
service maia stop
maiad debug
# If everything looks Ok, cancel debug mode (Ctrl+C) and start maiad
service maia start
######################
# Minimal Postfix configuration:- you are on your own here, this is not a Postfix HOWTO
# this delivers locally to one domain (using mbox format)
# If you already have a working Postfix, keep your eyes open here
# If you are relaying mail instead of storing it locally, you may wish to read my Debian document
# http://verchick.com/mecham/public_html/spam/spamfilter20110303.html#maincf
# Also, you would not want to have the bare domain in the hosts file, which I placed there for this test.
# This first part enables the content_filter and adds the smtp-maia transport to master.cf:
cd /etc/postfix
cp main.cf main.cf-myoriginal
postconf -e "content_filter = smtp-maia:[127.0.0.1]:10024"
wget http://verchick.com/mecham/public_html/spam/maiad-master.txt
cp master.cf master.cf-backup
cp master.cf master.cf-myoriginal
grep 'smtp-maia' master.cf || cat master.cf-myoriginal maiad-master.txt > master.cf
cat master.cf
# If you already have a working Postfix, you will not want to run these
postconf -e "alias_maps = hash:/etc/aliases"
newaliases
postconf -e "myorigin = example.com"
postconf -e "mydomain = example.com"
postconf -e "myhostname = ahost.example.com"
postconf -e "inet_interfaces = all"
postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
chkconfig postfix on
# system dependent, default is $myhostname, localhost.$mydomain, localhost
# this is for local mail delivery
# If you already have a working Postfix, you will not want to run this
postconf -e "mydestination = \$myhostname, localhost.\$mydomain, localhost, \$mydomain"
# note that we escaped the $ sign when using postconf - the backslash does not actually go in main.cf
service postfix stop
service postfix start
postfix flush
# did Postfix die? Is so, why?:
tail -30 /var/log/maillog | grep postfix
######################
reboot
# When the system comes back up, make sure clamd and maia (and freshclam?) are running
ps aux | egrep '(clam|maia)' | grep -v grep
# send a simple test message
echo "test" | sendmail adminguy@example.com
# after about 30 seconds the result should be in:
tail -30 /var/spool/mail/adminguy
# I got (notice the processing by maiad):
######################
From root@example.com Fri Jun 22 21:46:19 2012
Return-Path: <root@example.com>
X-Original-To: adminguy@example.com
Delivered-To: adminguy@example.com
Received: from localhost (localhost [127.0.0.1])
by ahost.example.com (Postfix) with ESMTP id 3250E1405F2
for <adminguy@example.com>; Fri, 22 Jun 2012 21:46:19 -0600 (MDT)
Received: from ahost.example.com ([127.0.0.1])
by localhost (ahost.example.com [127.0.0.1]) (maiad, port 10024) with ESMTP
id 01319-01 for <adminguy@example.com>; Fri, 22 Jun 2012 21:46:18 -0600 (MDT)
Received: by ahost.example.com (Postfix, from userid 0)
id 900421405E2; Fri, 22 Jun 2012 21:46:18 -0600 (MDT)
Message-Id: <20120623034618.900421405E2@ahost.example.com>
Date: Fri, 22 Jun 2012 21:46:18 -0600 (MDT)
From: root@example.com (root)
To: undisclosed-recipients:;
test
# If you look in /var/log/httpd/error_log you may or may not see a number of errors like this:
[Sat Feb 20 16:56:44 2010] [error] [client 192.168.1.41] PHP Warning:
strftime(): It is not safe to rely on the system's timezone settings.
You are *required* to use the date.timezone setting or the
date_default_timezone_set() function. In case you used any of those
methods and you are still getting this warning, you most likely
misspelled the timezone identifier. We selected 'America/Denver' for
'MST/-7.0/no DST' instead in
/usr/share/php/Smarty/plugins/modifier.date_format.php on line 53,
referer: http://ahost.example.com/mail/settings.php?
# So, you want to vi /etc/php.ini and uncomment and configure the date.timezone setting.
# Here is page to refer to as to the wording of the time zones:
http://us.php.net/manual/en/timezones.php
# You may also get errors such as:
PHP Notice: Use of undefined constant PEAR_LOG_DEBUG - assumed
'PEAR_LOG_DEBUG' in /var/www/html/mail/config.php on line 79
# then I suggest changing error_reporting = E_ALL & ~E_DEPRECATED to error_reporting = E_ALL & ~E_DEPRECATED & ~E_NOTICE in /etc/php.ini
# Then restart apache2:
vi /etc/php.ini
service httpd restart
You can run http://ahost.example.com/mail/admin/configtest.php
as a quick test - to see if errors continue in /var/log/httpd/error_log
######################
# Note that the administrator you create here (by running internal-init.php and login.php?super=register) must be your real
# address because you will get an email at that address with your password. I hope the mail system is functioning enough
# to actually deliver mail to that user.
# I am going to use internal authentication, so first:
# here is a sample of what we are after next:
http://verchick.com/mecham/public_html/spam/authentication5.htm
http://ahost.example.com/mail/internal-init.php
# If all goes well, you will get a "250 Ok" response on the screen when you submit this page
# and your password in a message in your inbox:
tail -30 /var/spool/mail/adminguy
# Then log in with your email address and password
# The first person to log in (hopefully you) to this script will be the super user.
http://ahost.example.com/mail/login.php?super=register
# You will want to change your password.
# Send eicar.com.txt virus as an attachment in order to test clamd once
# you have enabled virus scanning in Maia.
# tail -f /var/log/maillog
#
# The SQL based Bayes and AWL tables have been created for you.
# You can enable them by placing this in /etc/mail/spamassassin/local.cf:
vi /etc/mail/spamassassin/local.cf
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn DBI:mysql:maia:localhost
bayes_sql_username maia
bayes_sql_password maia_password
bayes_sql_override_username maia
# auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
# user_awl_dsn DBI:mysql:maia:localhost
# user_awl_sql_username maia
# user_awl_sql_password maia_password
# You will need to restart maiad after making that change - service maia restart - We also need to initialize
# the Bayes Database (and we always want to lint SA after making changes):
cd
service maia restart
su maia -c 'spamassassin --lint'
wget http://spamassassin.apache.org/gtube/gtube.txt
sa-learn --spam gtube.txt
sa-learn --dump magic
http://ahost.example.com/mail
# This is just the beginning.
# Please read the Maia documentation to continue. Make sure you set up
# maintenance scripts and move the admin directory out of http
# http://www.maiamailguard.com/maia/wiki/MaintenanceScripts
# Note: in System Configuration, please provide the full pathname to "E-mail reminder template file:"
# /etc/maia/templates/reminder.tpl
######################
# I would test again with 'maiad debug'. Now, read the documentation:
http://www.maiamailguard.com/docs.php
Here is a sample of what root's crontab may look like for the Maia scripts:# Minute Hour Day of Month Month Day of Week Command
# (0-59) (0-23) (1-31) (1-12 or Jan-Dec) (0-6 or Sun-Sat)
30 * * * * /bin/su maia -c '/var/lib/maia/scripts/process-quarantine.pl --learn --report'
10 1 * * * /bin/su maia -c '/var/lib/maia/scripts/expire-quarantine-cache.pl --quiet'
10 2 * * 3 /bin/su maia -c '/var/lib/maia/scripts/send-quarantine-reminders.pl'
*/5 * * * * /bin/su maia -c '/var/lib/maia/scripts/send-quarantine-digests.pl'
0 * * * * /bin/su maia -c '/var/lib/maia/scripts/stats-snapshot.pl' >/null